Having thus described our invention, what we claim as
new and desire to secure by Letters Patent is as
follows:

1. A method for validating establishment of at least
one IP communication tunnel, the method comprising:

validating that transformations from an originator of a
validation process have been established properly; and

verifying that at least one participant in the tunnel
can communicate with the originator of the validation
process.



2. A method as recited in claim 1, wherein the step of
validating comprises:

sending an IP packet on the communication tunnel with a
predetermined value in a Time-To-Live field;

receiving an ICMP message generated by the network in
response to the sent IP packet; and

examining the contents of the ICMP message to validate
that the transformations were done properly.



3. A method as recited in claim 1, wherein the step of
validating comprises:

establishing a device level socket at the originator;

sending an IP packet on the communication tunnel;

receiving a copy of the IP packet from the device level
socket after the transformations have been applied; and

examining the contents of the copy to validate that the
transformations were done properly.

4. A method as recited in claim 1, wherein the step of
validating comprises:

establishing a dummy interface at originator with the
address of a participant in the tunnel;

sending an IP packet on the communication tunnel to the
participant;

receiving the IP packet from the dummy interface after
the transformations have been applied; and

examining the contents of the packet to validate that
the transformations were done properly.



5. A method as recited in claim 1, wherein the IP 
communication tunnel uses Generic Routing Encapsulation 
as the transformation. 



6. A method as recited in claim 1, with the step of
validating includes:

configuring a router to filter a subset of packets;

generating IP packets with markings on the
communication tunnel; and

examining the filtered packets to validate that the
transformation has been done properly.



7. A method as recited in claim 6, used for validation
of a partial route transformation.



8. A method as recited in claim 1, wherein the IP
communication tunnel uses the IP-security protocols
established using the Internet Key Exchange.



9. A method as recited in claim 1, wherein the IP
communication tunnel uses IP compression as the
transformation.

10. A method as recited in claim 1, wherein the IP
communication tunnel uses network address translation
as the transformation.

11. A method for validating establishment of an IP
communication tunnel, the method comprising:

validating that transformations from an originator of a
validation process have been established properly;

requesting that at least one other participant in the
tunnel validate that the transformations from that
participant have been established properly; and

verifying that the other participant in the tunnel can
communicate with the originator of the validation
process.




12. An apparatus for validating establishment of IP
communication tunnels, comprising:

a transformation validator for validating that the
transformations from an originator of the validation
process has been done properly; and

a communication validator for validating that at least
one participant in the tunnel can communicate with the
originator.

13. An apparatus for validating establishment of IP
communication tunnels as recited in claim 6, further
comprising a remote party transformation validator for
validating that at least one participant in the tunnel
performs the transformation properly.

14. An article of manufacture comprising a computer 
usable medium having computer readable program code 
means embodied therein for causing validation of 
establishment of at least one IP communication tunnel, 
the computer readable program code means in said
article of manufacture comprising computer readable 
program code means for causing a computer to effect the 
steps of claim 1. 

15. A computer program product comprising a computer
usable medium having computer readable program code
means embodied therein for causing validation of
establishment of at least one IP communication tunnel,
the computer readable program code means in said
computer program product comprising computer readable
program code means for causing a computer to effect the
steps of claim 1.



16. A program storage device readable by machine, 
tangibly embodying a program of instructions executable 
by the machine to perform method steps for validating 
establishment of at least one IP communication tunnel, 
said method steps comprising the steps of claim 1. 

17. An article of manufacture comprising a computer 
usable medium having computer readable program code
means embodied therein for causing validation of
establishment of at least one IP communication tunnel,
the computer readable program code means in said 
article of manufacture comprising computer readable 
program code means for causing a computer to effect the 
steps of claim 11. 

18. A computer program product comprising a computer 
usable medium having computer readable program code 
means embodied therein for causing validation of 
establishment of at least one IP communication tunnel,
the computer readable program code means in said
computer program product comprising computer readable
program code means for causing a computer to effect the
steps of claim 11.

19. A program storage device readable by machine,
tangibly embodying a program of instructions executable
by the machine to perform method steps for validating
establishment of at least one IP communication tunnel,
said method steps comprising the steps of claim 11.

20. A computer program product comprising
a computer usable medium having computer readable
program code means embodied therein for causing
validation of establishment of at least one IP
communication tunnel, the computer readable program
code means in said computer program product comprising:

computer readable program code means for causing a
computer to effect the functionality of a
transformation validator for validating that the
transformation from an originator of the validation
process has been done properly; and

computer readable program code means for causing the
computer to effect the functionality of a communication
validator for validating that at least one participant
in the tunnel can communicate with the originator.

21. A computer program product recited in claim 20,
wherein the computer readable program code means
further comprises computer readable program code means
for causing the computer to effect the functionality of
a remote party transformation validator for validating
that at least one participant in the tunnel performs
the transformation properly.
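
The following Python example is added here and is not part of the patent text; it illustrates the examining step of claim 2 for a GRE tunnel as in claim 5. It assumes the ICMP Time Exceeded message quotes the probe as it appeared on the wire after the transformation; the function names, addresses and sample messages are constructed for illustration.

```python
import socket
import struct

ICMP_TIME_EXCEEDED = 11   # ICMP type for "time exceeded"; code 0 = TTL exceeded in transit
IPPROTO_GRE = 47          # IANA protocol number for GRE

def ipv4_header(src, dst, proto, ttl, payload_len=8):
    """Build a minimal 20-byte IPv4 header (checksum left at 0; sample data only)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                       ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def icmp_time_exceeded(quoted_packet):
    """Wrap a quoted packet in an ICMP Time Exceeded message (type 11, code 0)."""
    return struct.pack("!BBHI", ICMP_TIME_EXCEEDED, 0, 0, 0) + quoted_packet

def examine_icmp(icmp, tunnel_src, tunnel_dst, expected_proto=IPPROTO_GRE):
    """Return (ok, reason) after inspecting the packet quoted in an ICMP error."""
    if len(icmp) < 8 + 20:
        return False, "ICMP message too short to quote an IP header"
    if icmp[0] != ICMP_TIME_EXCEEDED or icmp[1] != 0:
        return False, "not a TTL-exceeded-in-transit message"
    quoted = icmp[8:]                      # quoted packet follows the 8-byte ICMP header
    version, ihl = quoted[0] >> 4, (quoted[0] & 0x0F) * 4
    if version != 4 or ihl < 20 or len(quoted) < ihl:
        return False, "quoted IP header is malformed"
    proto = quoted[9]
    src = socket.inet_ntoa(quoted[12:16])
    dst = socket.inet_ntoa(quoted[16:20])
    if proto != expected_proto:
        return False, f"quoted packet has protocol {proto}, not {expected_proto}"
    if (src, dst) != (tunnel_src, tunnel_dst):
        return False, f"outer addresses {src}->{dst} are not the tunnel endpoints"
    return True, "quoted packet carries the expected encapsulation"

# Constructed samples: documentation addresses stand in for the tunnel endpoints.
TUNNEL = ("192.0.2.1", "198.51.100.1")
# Probe left the originator GRE-encapsulated between the tunnel endpoints.
GOOD = icmp_time_exceeded(ipv4_header(*TUNNEL, IPPROTO_GRE, 1) + b"\x00" * 8)
# Probe left the originator untransformed: inner addresses, UDP (protocol 17).
BAD = icmp_time_exceeded(ipv4_header("10.0.0.5", "10.0.1.9", 17, 1) + b"\x00" * 8)

if __name__ == "__main__":
    for name, msg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, examine_icmp(msg, *TUNNEL))
```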